New ISA Server acting as a master browser

Discussion in 'Server Networking' started by Gaspar, Mar 29, 2006.

  1. Gaspar

    Gaspar Guest

    I have two windows 2003 servers that are domain controllers (names: SERVER1
    and SERVER2). I installed a third server with ISA 2004 (name: PROXY) that it
    is only a member of this domain.

    The problems is that I'm getting the following errors in the event log:
    "The master browser has received a server announcement from the computer
    PROXY that believes that it is the master browser for the domain on
    transport NetBT_Tcpip_{ED8A954B-25B5-4A39-8BF. The master browser is
    stopping or an election is being forced"

    Is this normal? Can PROXY act as a master althought it's not a domain
    controller?

    Thanks.
     
    Gaspar, Mar 29, 2006
    #1
    1. Advertisements

  2. How do you have DNS & WINS configured on the ISA?


    --
    Phillip Windell [MCP, MVP, CCNA]
    www.wandtv.com
    -----------------------------------------------------
    Understanding the ISA 2004 Access Rule Processing
    http://www.isaserver.org/articles/ISA2004_AccessRules.html

    Troubleshooting Client Authentication on Access Rules in ISA Server 2004
    http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

    Microsoft Internet Security & Acceleration Server: Guidance
    http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
    http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

    Microsoft Internet Security & Acceleration Server: Partners
    http://www.microsoft.com/isaserver/partners/default.asp

    Deployment Guidelines for ISA Server 2004 Enterprise Edition
    http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
     
    Phillip Windell, Mar 29, 2006
    #2
    1. Advertisements

  3. Gaspar

    Massimo Guest

    Every computer which has NetBIOS enabled can partecipate in the master
    browser election; that role has nothing to do with being a DC.

    But ISA should be blocking all traffic (including NetBIOS), unless you
    enabled it in the system policy...


    Massimo
     
    Massimo, Mar 29, 2006
    #3
  4. Gaspar

    Gaspar Guest

    How do you have DNS & WINS configured on the ISA?
    I don't use WINS.
    DNS in LAN adapter points to 192.168.0.1 (SERVER1 ip), and
    192.168.0.2(SERVER2 ip) as secondary.
    Both DNS servers in SERVER1 and SERVER2 use ISP DNS as forwarders. Also
    PROXY is configured as default gateway.

    Thanks
     
    Gaspar, Mar 29, 2006
    #4
  5. Gaspar

    Gaspar Guest

    Every computer which has NetBIOS enabled can partecipate in the master
    So, which is the right settings / access rules that I have to configure?
    Thanks.
     
    Gaspar, Mar 29, 2006
    #5
  6. Gaspar

    henrik Guest

    disable Computer Browser Service on the ISA2004 box.
     
    henrik, Mar 29, 2006
    #6
  7. 1. Add WINS. You will be glad you did and it will solve problems that you
    don't even know you have yet.

    2. Create and anonymous Access Rule to allow all traffic between the
    Internal and Local Host. Add both Internal & LocalHost to both the "From"
    and the "To". If you can't trust your Internal Network to access the ISA
    box who can you trust?

    --
    Phillip Windell [MCP, MVP, CCNA]
    www.wandtv.com
    -----------------------------------------------------
    Understanding the ISA 2004 Access Rule Processing
    http://www.isaserver.org/articles/ISA2004_AccessRules.html

    Troubleshooting Client Authentication on Access Rules in ISA Server 2004
    http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

    Microsoft Internet Security & Acceleration Server: Guidance
    http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
    http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

    Microsoft Internet Security & Acceleration Server: Partners
    http://www.microsoft.com/isaserver/partners/default.asp

    Deployment Guidelines for ISA Server 2004 Enterprise Edition
    http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
    -----------------------------------------------------
     
    Phillip Windell, Mar 29, 2006
    #7
  8. Gaspar

    Massimo Guest

    Why should you use WINS in a full Active Directory domain? Wasn't it
    supposed to be replaced by DNS?


    Massimo
     
    Massimo, Mar 29, 2006
    #8
  9. Is isn't about Active Directory. It is about all the Applications out there
    in the world that still work better with Netbios/WINS type of naming. It is
    bigger than Microsoft, even if MS was 100% devorced from WINS, there is
    still a whole world full of applications out there that still run better and
    more dependably with WINS/Netbios Naming.

    ....and before no ask,..No,...I don't have a list of examples...

    WINS costs next to nothing to run,...memory,..processing,...bandwidth,...it
    is not even noticed with modern hardware. So I always run it and always
    recommend it be run,...you don't *have* to,...but I recommend you do.
     
    Phillip Windell, Mar 29, 2006
    #9
  10. Gaspar

    Massimo Guest

    That's ok, I've not been using browsing for a while :)
    I've also looking into fully disabling NetBIOS, but I know some services
    still require it (that has also been said about Exchange, is it true?).


    Massimo
     
    Massimo, Mar 30, 2006
    #10
  11. Gaspar

    Massimo Guest

    Yes, I know about this, I too always leave NetBIOS enabled on my networks.
    But why WINS?
    I know Exchange itself is one of them :-/
    I also need you have to use NetBIOS in order to allow users to only log on
    to certain workstations (in the user account properties; you could use
    policies for this, of course).
    That's true, but you have to configure it in the network properties of every
    domain computer; *this* can be quite a pain, especially if you don't use
    DHCP.


    Massimo
     
    Massimo, Mar 30, 2006
    #11
  12. It NetBios Naming won't cross subnets without WINS and won't work accross
    VPNs without WINS.
    It is already on by default,...you have to go out of your way to every
    machine to turn it off. And even besides that it doesn't stop you from
    putting in the WINS Server anyway. If it is already disabled on the Client
    then leave it that way until you know you have a particular situation that
    requires it turned on. That doesn't stop you from adding the WINS Service on
    a Server.
     
    Phillip Windell, Mar 30, 2006
    #12
  13. It might not be true for Exchange2003, but I am not sure. I think it was
    Outlook anyway and not Exchange itself. But I am no expert on Exchange.
     
    Phillip Windell, Mar 30, 2006
    #13
  14. Gaspar

    Massimo Guest

    I was talking about the address of the WINS server :)


    Massimo
     
    Massimo, Mar 30, 2006
    #14
  15. Ah! Ok. Well, still the same,..you can have the WINS running anyway, but if
    a particular client works fine without it and leave it as it is, but if it
    needs it then add it to the tcp/ip config.
     
    Phillip Windell, Mar 30, 2006
    #15
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.